Skip to main content

AWS CloudFormation - Deploy AWS Resource Stacks with AWS CloudFormation and AWS CLI

490 words·
AWS CloudFormation
Table of Contents

The following blog entry provides an example for the deployment of a S3 bucket with AWS CloudFormation from the AWS CLI.

Prerequisites
#

IAM Permissions
#

Create an IAM user, create access keys for the user and add the following managed policies:

  • AWSCloudFormationFullAccess Use the following policy to create, update and delete stacks with AWS CloudFormation:

  • AmazonS3FullAccess S3 full access: Perform any action like creating, deleting, and modifying buckets and objects within them-

AWS CLI
#

# Install AWS CLI version 2
sudo apt install curl zip -y &&
cd /tmp &&
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" &&
unzip awscliv2.zip &&
sudo ./aws/install
# Verify / check version
aws --version
# Add the IAM user access key, secret access key & define the default region
aws configure

CloudFormation Templates
#

AWS CloudFormation templates are used to define AWS resources and are written in JSON or YAML.

Create Template
#

# Create CloudFormation template
vi cloudformation.yml

Block all public access: On

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  MyS3Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketName: jkw-unique-bucket-name
      PublicAccessBlockConfiguration: # Block all public access
        BlockPublicAcls: true
        IgnorePublicAcls: true
        BlockPublicPolicy: true
        RestrictPublicBuckets: true
      VersioningConfiguration:
        Status: Enabled  # Enable versioning

Block all public access: Off

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  MyS3Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketName: jkw-unique-bucket-name
      VersioningConfiguration:
        Status: Enabled # Enable versioning

  BucketPolicy:
    Type: 'AWS::S3::BucketPolicy'
    Properties:
      Bucket: !Ref MyS3Bucket
      PolicyDocument:
        Statement:
          - Effect: Allow
            Principal: '*'
            Action: 's3:GetObject'
            Resource: !Sub 'arn:aws:s3:::${MyS3Bucket}/*'

Deploy Template / Stack
#

A stack is a collection of AWS resources that are managed as a single unit. If the creation of one resource fails, AWS CloudFormation rolls back the entire stack / it deletes all it’s resources.

# Deploy a stack from the template: Default region
aws cloudformation create-stack --stack-name my-stack --template-body file://cloudformation.yml

# Deploy a stack from the template: Specific region
aws cloudformation create-stack --stack-name my-stack --template-body file://cloudformation.yml --region us-east-1
# Monitor the deployment
aws cloudformation describe-stacks --stack-name my-stack

Update Stack
#

# Update the stack
aws cloudformation update-stack --stack-name my-stack --template-body file://cloudformation.yml

List Stacks
#

# List AWS CloudFormation stacks: Default region
aws cloudformation describe-stacks

# List AWS CloudFormation stacks: Specific region
aws cloudformation describe-stacks --region us-east-1

Stack Logs & Events
#

# List stack events: Default region
aws cloudformation describe-stack-events --stack-name my-stack

# List stack events: Specific region
aws cloudformation describe-stack-events --stack-name my-stack --region us-east-1

Filter key details:

# List stack events: Default region
aws cloudformation describe-stack-events --stack-name my-stack --query "StackEvents[*].[Timestamp, EventId, ResourceType, LogicalResourceId, ResourceStatus, ResourceStatusReason]"

# List stack events: Specific region
aws cloudformation describe-stack-events --stack-name my-stack --region us-east-1 --query "StackEvents[*].[Timestamp, EventId, ResourceType, LogicalResourceId, ResourceStatus, ResourceStatusReason]"

Delete Stack
#

# Delete the stack: Default region
aws cloudformation delete-stack --stack-name my-stack

# Delete the stack: Specific region
aws cloudformation delete-stack --stack-name my-stack --region us-east-1

Deployment Testing
#

AWS CLI
#

# List the available S3 buckets: All regions
aws s3 ls

CloudFormation Console
#

# AWS CloudFormation Console
https://console.aws.amazon.com/cloudformation

Note: Select the stack and option the “Events” section to check the logs.


Links #

# Official Documentation
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-whatis-concepts.html